[j-nsp] Strange Log about GRE Keepalive

Discussion:

Alireza Soltanian

2016-01-04 11:08:44 UTC

Hi

On our M320 we always have this log:

fpc2 pfe doesn't support GRE Keepalives

fpc4 pfe doesn't support GRE Keepalives

fpc3 pfe doesn't support GRE Keepalives

The point is we don't have Tunnel PIC on these FPCs but we have on FPC0 and
FPC1. Also GRE keepalive was configured for tunnels on those PICs. Is there
any method for suppressing this log?

Thank you for your help and support

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Roland Dobbins

2016-01-04 11:15:09 UTC

Permalink

Post by Alireza Soltanian
The point is we don't have Tunnel PIC on these FPCs but we have on
FPC0 and FPC1.

Have you checked the configuration to ensure that there is in fact no
tunnel on those FPCs? And have you analyzed the traffic to/from that
box to ensure that it isn't speaking GRE on the relevant IP(s)?

Roland Dobbins

2016-01-04 11:16:11 UTC

Permalink

Post by Roland Dobbins
Have you checked the configuration to ensure that there is in fact no
tunnel on those FPCs? And have you analyzed the traffic to/from that
box to ensure that it isn't speaking GRE on the relevant IP(s)?

And have you deployed iACLs to ensure that random hosts can't send
traffic directly to the relevant IPs on this box?

Alireza Soltanian

2016-01-04 11:24:49 UTC

Permalink

Hi

I did not understand what are saying. Anyway I personally installed the
modules on the chassis so I am sure there is no PIC Tunnel on FPC2,3,4.

GRE source destinations are on Interfaces which reside on other FPCs but GRE
tunnel interface is on FPC0 or FPC1.

Also I must mention FPC type is different:

FPC 0 REV 05 ------- ------ M320 E3-FPC Type 3

I3MB A REV 04 ------- ------ M320 E3-FPC I3 Mez
Board

I3MB B REV 04 ------- ------ M320 E3-FPC I3 Mez
Board

FPC 1 REV 02 ------- ------ M320 E3-FPC Type 3

I3MB A REV 06 ------- ------ M320 E3-FPC I3 Mez
Board

I3MB B REV 06 ------- ------ M320 E3-FPC I3 Mez
Board

FPC 2 REV 07 ------- ------ M320 E2-FPC Type 1

CPU REV 04 ------- ------ M320 FPC CPU

FPC 3 REV 05 ------- ------ M320 E2-FPC Type 3

CPU REV 04 ------- ------ M320 FPC CPU

FPC 4 REV 08 ------- ------ M320 E2-FPC Type 3

CPU REV 04 ------- ------ M320 FPC CPU

From: Alireza Soltanian [mailto:***@gmail.com]
Sent: Monday, January 4, 2016 2:39 PM
To: 'juniper-***@puck.nether.net' <juniper-***@puck.nether.net>
Subject: Strange Log about GRE Keepalive

Hi

On our M320 we always have this log:

fpc2 pfe doesn't support GRE Keepalives

fpc4 pfe doesn't support GRE Keepalives

fpc3 pfe doesn't support GRE Keepalives

The point is we don't have Tunnel PIC on these FPCs but we have on FPC0 and
FPC1. Also GRE keepalive was configured for tunnels on those PICs. Is there
any method for suppressing this log?

Thank you for your help and support

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Roland Dobbins

2016-01-04 11:48:03 UTC

Permalink

Post by Alireza Soltanian
I did not understand what are saying.

I'm trying to say that, PIC or no PIC, you might want to check the
config to ensure no tunnels are configured, and also ensure that you've
deployed iACLs so that random hosts on the Internet can't send packets
of any type, including GRE packets, to your router IPs.

Alireza Soltanian

2016-01-04 12:01:35 UTC

Permalink

Thanks for the explanation.

I don't have public IP address on this router. I installed some 10GE PICs on
other FPCs(2,3,4). Source of the GRE tunnels is IP addresses of those PICs.
But GRE tunnel itself is configured on PIC in FPC0 or FPC1.

Anyway Keepalive mechanism works fine and reacts to losing the Keepalive and
invalidates OSPF neighbors and routes as soon as NOT receiving Keepalive
from neighbor. Neighbor routers are all Cisco IOS routers.

There is no problem in operation but I want to suppress this log.

From: Alireza Soltanian [mailto:***@gmail.com]
Sent: Monday, January 4, 2016 2:55 PM
To: 'juniper-***@puck.nether.net' <juniper-***@puck.nether.net>
Cc: '***@arbor.net' <***@arbor.net>
Subject: RE: Strange Log about GRE Keepalive

Hi

I did not understand what are saying. Anyway I personally installed the
modules on the chassis so I am sure there is no PIC Tunnel on FPC2,3,4.

GRE source destinations are on Interfaces which reside on other FPCs but GRE
tunnel interface is on FPC0 or FPC1.

Also I must mention FPC type is different:

FPC 0 REV 05 ------- ------ M320 E3-FPC Type 3

I3MB A REV 04 ------- ------ M320 E3-FPC I3 Mez
Board

I3MB B REV 04 ------- ------ M320 E3-FPC I3 Mez
Board

FPC 1 REV 02 ------- ------ M320 E3-FPC Type 3

I3MB A REV 06 ------- ------ M320 E3-FPC I3 Mez
Board

I3MB B REV 06 ------- ------ M320 E3-FPC I3 Mez
Board

FPC 2 REV 07 ------- ------ M320 E2-FPC Type 1

CPU REV 04 ------- ------ M320 FPC CPU

FPC 3 REV 05 ------- ------ M320 E2-FPC Type 3

CPU REV 04 ------- ------ M320 FPC CPU

FPC 4 REV 08 ------- ------ M320 E2-FPC Type 3

CPU REV 04 ------- ------ M320 FPC CPU

From: Alireza Soltanian [mailto:***@gmail.com]
Sent: Monday, January 4, 2016 2:39 PM
To: 'juniper-***@puck.nether.net' <juniper-***@puck.nether.net
<mailto:juniper-***@puck.nether.net> >
Subject: Strange Log about GRE Keepalive

Hi

On our M320 we always have this log:

fpc2 pfe doesn't support GRE Keepalives

fpc4 pfe doesn't support GRE Keepalives

fpc3 pfe doesn't support GRE Keepalives

The point is we don't have Tunnel PIC on these FPCs but we have on FPC0 and
FPC1. Also GRE keepalive was configured for tunnels on those PICs. Is there
any method for suppressing this log?

Thank you for your help and support

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Niall Donaghy

2016-01-04 14:51:19 UTC

Permalink

Hi Alireza,

If you want to suppress this message from the on-box log files, you can do
something like this on MX - not sure about M320:

set system syslog <file> <target> match "!(fpc.*pfe doesn't support
GRE Keepalives)"

To suppress the message from going to your syslog server, you can try this -
but I haven't tested this myself:

set system syslog <host> <target> match "!(fpc.*pfe doesn't support
GRE Keepalives)"

Finally, this is not applicable in your case but might help someone
searching the archive in future.
If you have an MS-MIC card on MX-series, you can alter the syslog severity
in the syslog process on the MS-MIC itself.
We needed this workaround to stop the eventd process hogging CPU due to
excessive error messages from the MS-MIC using Netflow v9 with mpls-ipv4
template; the errors are 'cosmetic' but nevertheless hogging the main RE
CPU, if generated.

set chassis fpc 9 pic 0 adaptive-services service-package
extension-provider syslog daemon critical

HTH,
Niall

-----Original Message-----

Alireza Soltanian
Sent: 04 January 2016 12:02
Subject: Re: [j-nsp] Strange Log about GRE Keepalive
Thanks for the explanation.
I don't have public IP address on this router. I installed some 10GE PICs

on other

FPCs(2,3,4). Source of the GRE tunnels is IP addresses of those PICs.
But GRE tunnel itself is configured on PIC in FPC0 or FPC1.
Anyway Keepalive mechanism works fine and reacts to losing the Keepalive and
invalidates OSPF neighbors and routes as soon as NOT receiving Keepalive

from

neighbor. Neighbor routers are all Cisco IOS routers.
There is no problem in operation but I want to suppress this log.
Sent: Monday, January 4, 2016 2:55 PM
Subject: RE: Strange Log about GRE Keepalive
Hi
I did not understand what are saying. Anyway I personally installed the

modules

on the chassis so I am sure there is no PIC Tunnel on FPC2,3,4.
GRE source destinations are on Interfaces which reside on other FPCs but GRE
tunnel interface is on FPC0 or FPC1.
FPC 0 REV 05 ------- ------ M320 E3-FPC Type 3
I3MB A REV 04 ------- ------ M320 E3-FPC I3 Mez
Board
I3MB B REV 04 ------- ------ M320 E3-FPC I3 Mez
Board
FPC 1 REV 02 ------- ------ M320 E3-FPC Type 3
I3MB A REV 06 ------- ------ M320 E3-FPC I3 Mez
Board
I3MB B REV 06 ------- ------ M320 E3-FPC I3 Mez
Board
FPC 2 REV 07 ------- ------ M320 E2-FPC Type 1
CPU REV 04 ------- ------ M320 FPC CPU
FPC 3 REV 05 ------- ------ M320 E2-FPC Type 3
CPU REV 04 ------- ------ M320 FPC CPU
FPC 4 REV 08 ------- ------ M320 E2-FPC Type 3
CPU REV 04 ------- ------ M320 FPC CPU
Sent: Monday, January 4, 2016 2:39 PM
Subject: Strange Log about GRE Keepalive
Hi
fpc2 pfe doesn't support GRE Keepalives
fpc4 pfe doesn't support GRE Keepalives
fpc3 pfe doesn't support GRE Keepalives
The point is we don't have Tunnel PIC on these FPCs but we have on FPC0 and
FPC1. Also GRE keepalive was configured for tunnels on those PICs. Is

there any

method for suppressing this log?
Thank you for your help and support
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Alireza Soltanian

2016-01-04 14:56:10 UTC

Permalink

Thanks man I will check this...

Post by Niall Donaghy
Hi Alireza,
If you want to suppress this message from the on-box log files, you can do
set system syslog <file> <target> match "!(fpc.*pfe doesn't support
GRE Keepalives)"
To suppress the message from going to your syslog server, you can try this -
set system syslog <host> <target> match "!(fpc.*pfe doesn't support
GRE Keepalives)"
Finally, this is not applicable in your case but might help someone
searching the archive in future.
If you have an MS-MIC card on MX-series, you can alter the syslog severity
in the syslog process on the MS-MIC itself.
We needed this workaround to stop the eventd process hogging CPU due to
excessive error messages from the MS-MIC using Netflow v9 with mpls-ipv4
template; the errors are 'cosmetic' but nevertheless hogging the main RE
CPU, if generated.
set chassis fpc 9 pic 0 adaptive-services service-package
extension-provider syslog daemon critical
HTH,
Niall

-----Original Message-----

on other

and

invalidates OSPF neighbors and routes as soon as NOT receiving Keepalive

from

modules

on the chassis so I am sure there is no PIC Tunnel on FPC2,3,4.
GRE source destinations are on Interfaces which reside on other FPCs but

GRE

tunnel interface is on FPC0 or FPC1.
FPC 0 REV 05 ------- ------ M320 E3-FPC Type 3
I3MB A REV 04 ------- ------ M320 E3-FPC I3 Mez
Board
I3MB B REV 04 ------- ------ M320 E3-FPC I3 Mez
Board
FPC 1 REV 02 ------- ------ M320 E3-FPC Type 3
I3MB A REV 06 ------- ------ M320 E3-FPC I3 Mez
Board
I3MB B REV 06 ------- ------ M320 E3-FPC I3 Mez
Board
FPC 2 REV 07 ------- ------ M320 E2-FPC Type 1
CPU REV 04 ------- ------ M320 FPC CPU
FPC 3 REV 05 ------- ------ M320 E2-FPC Type 3
CPU REV 04 ------- ------ M320 FPC CPU
FPC 4 REV 08 ------- ------ M320 E2-FPC Type 3
CPU REV 04 ------- ------ M320 FPC CPU
Sent: Monday, January 4, 2016 2:39 PM
Subject: Strange Log about GRE Keepalive
Hi
fpc2 pfe doesn't support GRE Keepalives
fpc4 pfe doesn't support GRE Keepalives
fpc3 pfe doesn't support GRE Keepalives
The point is we don't have Tunnel PIC on these FPCs but we have on FPC0

and

FPC1. Also GRE keepalive was configured for tunnels on those PICs. Is

there any

method for suppressing this log?
Thank you for your help and support
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp